Anonymized access to online data

ABSTRACT

Customer online data is collected via script on customer computers and is communicated to a server hosted by an organization, such as a card issuer. The customer online data communicated to the server is non-personally identifiable information (non-PII). In turn, the server aggregates the non-PII customer online data from the set of participating merchants. The server associates the received non-PII customer online data with non-PII demographic data. Other non-PII transaction data, such as previous transactions processed at a card issuer, also can be associated with the non-PII customer online data and non-PII demographic data. These associations are, in turn, used to create reports and to provide services to help merchants or other requesting organizations develop online strategies to drive click thru and conversion rates.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of, claims priority to and thebenefit of, U.S. Ser. No. 14/570,428 filed Dec. 15, 2014 and entitled“SYSTEM AND METHOD FOR ONLINE DATA PROCESSING.” The '428 application isa continuation of, claims priority to and the benefit of, U.S. Ser. No.12/712,355 filed Feb. 25, 2010 and entitled “SYSTEM AND METHOD FORONLINE DATA PROCESSING” (aka U.S. Pat. No. 8,935,797 issued Jan. 13,2015). Both of which are hereby incorporated in their entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to processing and reportingdemographic and transaction customer data, and more particularly toproviding demographic and transaction data to a merchant based ontransactions at, and beyond the merchant's own business, whileprotecting the privacy of customers.

2. Related Art

In the context of online shopping, click-through and conversion ratesare two methods for measuring the performance of a website or thesuccess of an online advertising campaign. A click-through rate is thenumber of users who clicked-on (i.e., selected) an advertisement on aweb page divided by the number of times the advertisement was delivered(i.e., the number of impressions presented). A conversion rate is theratio of users who convert content views or website visits into desiredactions.

Surveys are sometimes used by merchants to correlate demographic andother segmentation information to develop online strategies that improveclick-through and conversion rates. However, many merchants do not reachthis goal because their online strategies are based on unreliable andhypothetical demographic data provided by such surveys.

One type of survey merchants use is designed to match demographic andother segmentation information to feedback from users regarding onlineadvertising campaigns. However, this type of survey data can beunreliable due to “self selection”. Self-selection is a term used toindicate any situation in which individuals select themselves into agroup, causing a biased sample. In many cases self-selection makes itdifficult to evaluate programs, to determine whether the program hassome effect, and to do market research because of these biases.

Another way in which merchants seek to improve click-through andconversion rates is by targeting their advertising and developing onlinestrategies based on how site visitors behave, for example, by analyzingclick-through patterns. While such behavioral targeting is generallyconsidered useful, it still often fails to provide merchants withsufficient demographic and transaction data needed to create a robustonline strategy.

Demographic data on visitors of a particular merchant website also isavailable. This type of data has been found to be limited, however,primarily because it lacks a correlation between the demographic data ofcustomers and transaction data beyond the particular merchant's websitefrom which the survey was administered. Moreover, tracking when acustomer views a product at a particular merchant's website, abandonspurchasing the product, and later purchases that product from acompetitor requires specialized software applications.

In addition to the above challenges, customers are typically adverse todata aggregation regarding their actions and behaviors, online orotherwise. Such privacy concerns, can cause people to respondinaccurately or simply not participate in a survey.

As a result of the foregoing, merchants are hindered from acquiring richdemographic and transaction data associated with transaction data at,and beyond the particular merchant's own business, while protecting theprivacy of the customers.

BRIEF DESCRIPTION OF THE INVENTION

The present invention meets the above-identified needs by providing asystem, method and computer program product for providing reliabledemographic and transaction data to a merchant based on transactions at,and beyond the merchant's own business, while protecting the privacy andcompete anonymity of the customers.

In one embodiment a method and computer readable medium are provided forprocessing online data. First data, a first identifier, and a secondidentifier are received from a data source. The first identifier isestablished as personally identifiable information (PII) by the datasource. The second identifier is established as non-personallyidentifiable information (non-PII) by the data source. The secondidentifier is associated with a third identifier that is non-PII. Thefirst data, second identifier, and third identifier are all sent to afirst service.

In another embodiment, a system for processing online data is provided.The system includes a network interface unit and a first server. Thenetwork interface unit is configured to receive first data, a firstidentifier, and a second identifier from a data source. The firstidentifier is established as personally identifiable information (PII)by the data source. The second identifier is established asnon-personally identifiable information (non-PII) by the data source.The first server is configured to associate the second identifier with athird identifier that is non-PII. The first server is also configured tosend the first data, second identifier, and third identifier to a secondserver.

Further features and advantages of the present invention as well as thestructure and operation of various embodiments of the present inventionare described in detail below with reference to the accompanyingdrawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The features and advantages of the present invention will become moreapparent from the detailed description set forth below when taken inconjunction with the drawings.

FIG. 1 is a collaboration diagram of functional modules deployed on oneor more computer systems for providing demographic and transaction datain one embodiment of the present invention.

FIG. 2 is a flowchart illustrating a privacy data receiving process inone embodiment of the present invention.

FIG. 3 is a flowchart illustrating an online data receiving andreporting process in one embodiment of the present invention.

FIG. 4 is a block diagram of an exemplary computer system useful forimplementing the present invention.

DETAILED DESCRIPTION

The present invention is directed to a system, method and computerprogram product for providing merchants with demographic and transactiondata associated with transaction data at, and beyond the merchant's ownbusiness, while protecting the privacy of the customers. Generally, aset of participating merchants that agree to collect customer onlinedata is established. Each participating merchant includes an instructionwithin its web pages requesting their customers' web browsers todownload a script from a web server that is distinct from the one ormore servers providing the merchants' web pages. While a customerbrowses a particular merchant's web site, the web server collectscustomer online data via the downloaded script, such as records ofcustomer web site visits, without collecting personally identifiableinformation (PII) data. Such data is referred to herein generally asnon-personally identifiable information (non-PII) data. Different typesof non-PII data, including non-PII online data, non-PII transactiondata, non-PII demographic data, and a unique user identifier (ID), willbe described below in more detail.

The web server communicates the collected customer online data to areporting server hosted by an organization, such as a card issuer.

The reporting server associates the received non-PII customer onlinedata with non-PII demographic data. Other non-PII transaction data, suchas previous transactions processed at a card issuer, also can beassociated with the non-PII customer online data and non-PII demographicdata. These associations are, in turn, used to create reports andprovide services to help merchants or other requesting organizationsdevelop online strategies.

Reports and services are tailored to a requestor's needs. For instance,a merchant could request a report on the demographics of visitors thatabandoned their shopping carts.

Each customer's privacy is preserved because customer online data is notassociated with PII data at any point between the collection of customeronline data, and the creation of reports and/or the providing ofservices based on the customer online data. In other words, a particularindividual cardmember is not associated with his or her online data.

The terms “user,” “customer,” “cardmember,” and/or the plural form ofthese terms are used interchangeably throughout herein to refer to thosepersons or entities capable of accessing, using, being affected byand/or benefiting from the present invention.

A “merchant” as used herein refers to any person, organization,distributor system, software and/or hardware that is a provider, brokerand/or any other organization in the distribution chain of goods,services, content, and the like. For example, a merchant may be agrocery store, a retail store, a travel agency, a service provider, anon-line merchant or the like. The term “vendor” is sometimes usedinterchangeably with the term “merchant”.

A “card” as used herein refers to both “open cards” and “closed cards.”“Open cards” are financial transaction cards that are generally acceptedat different merchants. Examples of open cards include the AMERICANEXPRESS, VISA, MASTERCARD, and DISCOVER Cards, which may be used at manydifferent retailers and other businesses. In contrast, “closed cards”are financial transaction cards that may be restricted to use in aparticular store, a particular chain of stores or a collection ofaffiliated stores. One example of a closed card is a pre-paid gift cardthat may only be purchased at, and only be accepted at, a clothingretailer, such as The GAP store.

An “account” as used herein refers to an account associated with an openaccount or a closed account system. The account may exist in a physicalor non-physical embodiment. For example, an account may be distributedin non-physical embodiments such as an account number, frequent-flyeraccount, telephone calling account or the like. Furthermore, a physicalembodiment of a transaction account may be distributed as a financialinstrument.

A “card issuer” and “issuer” as used herein refer to an organizationthat issues a transaction account and associated financial instrument(e.g., payment device, transaction card, and the like) to a cardmember.They also are responsible for maintaining details of the cardmember'saccount including eligibility for services, payments made, chargesincurred, and the like.

A “card number” or “account number”, as used herein, includes anydevice, code, or other identifier suitably configured to allow acardmember to interact or communicate with an issuer.

“Personally identifiable information” (PII) as used herein refers todata that a customer, merchant, card issuer or the like wishes to keepconfidential, such as a social security number (SSN), a card number,address information, phone number, email address, and the like.

“Non-personally identifiable information” (non-PII) as used hereinrefers to data that is not PII.

A “service” or “web service” as used herein refers to one or moresoftware components, hardware components, or any combination thereof,associated with providing, receiving, and/or interfacing with data overa network.

“Demographic data” as used herein refers to data associated with one ormore characteristics of one or more persons.

“Transaction data” as used herein refers to data associated with anaction and/or communication.

“Customer online data” and “online data” as used herein refers to dataassociated with actions and/or communications occurring on and/or inconjunction with a network.

A “tracking script” and “script” as used herein refers to any data thatincludes a computing instruction.

The individual logic units of decisioning/orchestration units, andprocesses described below (i.e., blocks 102-120, and processes 200 and300) may be implemented in one or more computer systems, servers, orother processing systems. In addition, units 102-120, and processes 200and 300 can be operated and controlled by one or more card issuersystems, third party systems, or a combination of each.

FIG. 1 is a collaboration diagram of functional modules deployed on oneor more computer systems for providing demographic and transaction datain accordance with an embodiment of the present invention.

Reporting services 112 generate reports and provide services that aretailored based on requests from merchants and other requestingorganizations. To generate these reports and services, reportingservices 112 receive demographic and transaction data from a datasource, such as customer data services 104 (via PII privacy services108), and receive online data from card issuer web services 118. Theonline data sent from card issuer web services 118 is based upon dataassociated with browsing merchant web services 116. As explained in moredetail below, reporting services 112 is not provided access to PII data.

A process for receiving demographic and transaction data from a datasource, such as customer data services 104 (via PII privacy services108), at reporting services 112 is described first. A process forreceiving online data from card issuer web services 118 at reportingservices 112 are discussed later. As discussed below, the flow of datafrom both customer data services 104 and card issuer web services 118 isongoing and can occur in real-time, on-demand, and/or at scheduledintervals, scheduled times, based on data collection thresholds, etc.

For one or more cardmembers of a card issuer, customer datastore 102stores PII data, demographic data (non-PII), transaction data (non-PII),and a unique online user ID (non-PII). As explained above, PII dataincludes information such as a cardmember's card number, individualname, and address information. Demographic data includes, informationsuch as age, income, home ownership, employment status, location data,and/or any other demographic characteristics.

Transaction data associated with a financial transaction includes, forexample, information pertaining to transactions processed by the cardissuer in connection with one or more respective cardmember accountssuch as a transaction ID, price, product category, and the like.

A unique online user ID is a unique identifier associated with acardmember in connection with enrolling the cardmember with card issuerweb services 118. The functionality of web services 118, including howthe services are used to enroll cardmembers, is discussed later.

The unique online user ID is non-PII and is generated based upon arandom or pseudo random number, which is not derived from PII data.Hence, external to the databases of the card issuer which associate acardmember's unique online user ID to a particular cardmember, merepossession of the unique online user ID alone will not allow aparticular cardmember to be identified.

In customer datastore 102, the card number of each cardmember isassociated with a respective cardmember's name and address information,demographic data, and transaction data. In addition, each card number isassociated with a unique online user ID of the cardmember. As describedbelow, prior to reporting services 112 receiving data from customerdatastore 102 (via customer data services 104 and PII privacy services108) and storing the received data in non-PII datastore 114, allassociations between PII data (e.g., the cardmember's card number) andnon-PII data are removed by PII privacy services 108.

Customer data services 104 are an interface between customer datastore102 and PII data privacy services 108. As shown in FIG. 1,communications between customer data services 104 and PII data privacyservices 108 occur through firewall 106.

Customer data services 104 generate a card key-code for one or morecustomers based on the data stored in customer datastore 102. For eachcustomer, the card key-code includes at least one card number (PII) andat least one unique online user ID (non-PII). The card key-code alsoincludes an association between the card number (PII) and the uniqueonline user ID (non-PII) for each customer, respectively.

FIG. 2, shows an example card key-code 207, represented as a table. Inexample card key-code 207, each card-number-to-unique-online-user-IDassociation is indicated based on their existence in the same datarecord. A card key-code can be represented in any other format capableof indicating one or more card numbers, unique online user IDs, and therespective associations between each. Other formats may include, commaseparated files, databases, and the like.

Customer data services 104 send the card key-code to PII data privacyservices 108. In addition to sending the card key-code to PII dataprivacy services 108, customer data services 104 send, to PII dataprivacy services 108, the respective customer non-PII demographic andtransaction data of each card number included in the card key-code,along with an indication of the particular card number the non-PIIdemographic and transaction data is associated with for a particularcustomer.

PII privacy services 108 receive the data sent from customer dataservices 104 and remove all PII data from the received data (e.g., thecardmember card numbers in this implementation).

For each card number contained in the card key-code, PII privacyservices 108 generates a hash number. The hash number is distinct fromthe unique online user ID (non-PII) and is generated based upon a randomor pseudo random number, which is not derived from PII data.

PII privacy services 108 convert the card key-code into a non-PIIkey-code by replacing each card number with one of the hash numbersgenerated by PII privacy services 108, and associating each respectiveunique online user ID (non-PII) previously associated to a respectivecard number, with a respective hash number. FIG. 2, shows an examplenon-PII key-code 208. PII privacy services 108 also associates thedemographic and transaction data received from customer data services104 with a respective hash number in lieu of a respective card number.

The non-PII key-code generated by PII privacy services 108, and thedemographic and transaction data received from customer data services104, but now associated with respective hash numbers in lieu of cardnumbers, are sent from PII privacy services 108 to reporting services112. Reporting services 112 receive the non-PII key-code, anddemographic and transaction data, and store each in non-PII datastore114. As described further below, reporting services 112 associate thedemographic and transaction data stored in non-PII datastore 114 withonline data received from card issuer web services 118.

PII privacy services has access to the associations between (1) cardnumbers (PII), (2) unique online user IDs (non-PII), and (3) hashnumbers (non-PII). However, customer data services 104 does not haveaccess to the hash number associations, and reporting services 112 doesnot have access to the card number associations. Thus, cardmemberprivacy is preserved by prohibiting reporting services 112 access tocardmember PII data, and thereby prohibiting the ability to associateonline data to a particular cardmember.

To ensure PII data is prohibited from reporting services 112, firewalls106 and 110 enforce security policies that restrict access to the PIIand non-PII data associations managed by PII privacy services 108.Specifically, the flow of PII data and PII data associations arerestricted to those communications between customer data services 104and PII privacy services 108. No PII data, nor PIT data associations aresent between PII privacy services 108 and reporting services 112.

The key-codes, demographic and transaction data, and respective dataassociations sent between customer data services 104, PII privacyservices 108, and reporting services 112 are sent/received, synchronizedand/or updated in real-time, on-demand, and/or at scheduled intervals,at scheduled times, at data collection/aggregation thresholds, etc., asdesired.

In alternative embodiments, the above features based upon the PII dataincluding a cardmember card number are implemented using PII data inaddition to, or in lieu of, a cardmember card number. In suchimplementations, the above card number associations can includealternate and/or additional PII data associations, as desired. Forinstance, a cardmember's phone number may be used in lieu of, or inaddition to, the cardmember's card number, and associated withdemographic and transaction data.

Card issuer web services 118 provide web services to customers regardingtheir accounts with the card issuer such as accessing recenttransactions and monthly statements, initiating a transaction dispute,and the like. Customer information required by these services isaccessed from customer datastore 102.

When a customer 122 accesses card issuer web services 118 via a webbrowser on customer computer system 120, the customer 122 is providedwith a card issuer web services 118 login and enrollment interface. Asdiscussed above, enrollment of a customer 122 with card issuer webservices 118 includes associating a unique user ID (non-PII) of customer122 with a card number of customer 122. This association is stored incustomer datastore 102 by card issuer web services 118.

Card issuer web services 118 has its own privacy policy distinct fromthe privacy policy of the account of customer 122 at the card issuer.During enrollment at card issuer web services 118, card issuer webservices 118 provides the customer 122 with the opportunity to reviewthe privacy policy of card issuer web services 118.

In addition, card issuer web services 118 provide the customer 122 withan explicit opt-in and/or opt-out option for allowing online datatracking via merchant websites in conjunction with a cookie containing aunique online user ID (non-PII) of the customer 122. The opt-in and/oropt-out selection of customer 122 is stored in customer datastore 102.The unique online user ID (non-PII) associated with a card number ofcustomer 122 is placed in a tracking cookie.

In addition to the unique online user ID (non-PII), the tracking cookieindicates whether the customer 122 has selected to opt-in or opt-out ofmerchant online tracking. If the customer selects the opt-out option,then no online data is tracked in this fashion. If the customer selectsthe opt-in option, then online data is tracked when the tracking cookieexists on the computing device the customer is using to access/navigatea merchant's website.

Card issuer web services 118 send the tracking cookie to customercomputer system 120 of the customer 122. The tracking cookie isassociated with the domain of card issuer web services 118. Because thecookie is provided by the same domain that it is associated with (e.g.,card issuer web services 118), the tracking cookie is considered afirst-party cookie. In one embodiment, web browser security policiesrestrict access to first-party cookies solely to websites within thedomain associated with the first-party cookie.

Websites that are not within the domain of card issuer web services 118,in one embodiment, are not aware of, nor provided access to, thetracking cookie. To protect customer privacy and prohibit merchantwebsites from accessing the tracking cookie, the domains of merchant webservices 116 and card issuer web services 118 are distinct. Thus, eventhough a particular merchant is participating in the customer onlinedata collection of the present invention, the particular merchant is notaware of the tracking cookie, nor does the particular merchant knowwhether customer online data for customer 122 is being tracked by cardissuer web services 118.

In an alternative embodiment, one or more of the domains of merchant webservices 116 and card issuer web services 118 are the same. Also, in analternative embodiment, the tracking cookie may be provided by domainsother than the one or more domains of card issuer web service 118. Thetracking cookie may also be associated with the domains but not providedby them. Instead, the cookies can be provided by a third party orgenerated internal to the customer computer system 120. The trackingcookie may also be provided in addition to the domain(s).

Each time the customer 122 logs into web services 118, a check isperformed to determine whether the tracking cookie exists on theparticular computing device that customer 122 is accessing/navigatingcard issuer web services 118 through.

If the cookie does not exist, then the tracking cookie containing theunique online user ID (non-PII) and indicating the opt-in/opt-outselection is downloaded to that computing device by card issuer webservices 118.

In alternative embodiments, information contained in the tracking cookiemay be implemented in more than one cookie. Also, in lieu of an opt-inand/or opt-out selection indication within the tracking cookie, theexistence of a tracking cookie on the computing device of customer 122may itself indicate that the user chose to opt-in and/or opt-out ofmerchant online tracking.

Prior to aggregating online data at reporting services 112, a set ofmerchants for collecting the online data is established. Merchant webservices 116 represents one or more merchants that have agreed to trackand provide online data regarding their customers (e.g., customer 122)through online data collection by card issuer web services 118. Theonline data collection by card issuer web services 118 is performed by ascript that has been downloaded from card issuer web services 118 to aweb browser and executed by the customer computer system 120.

Particularly, merchant services 116 are include an instruction withinits web pages requesting the web browser operating on the customercomputer system 120 to download the script from the card issuer webservices 118. As the customer 122 browses a particular merchant websiteprovided by merchant web services 116, the downloaded script is executedin conjunction with the web pages provided by merchant web service 116to send online data to card issuer web services 118.

When card issuer web services 118 receives a request to download ascript, web services 118 determines whether a tracking cookie is presenton the particular computing device that the customer 122 isaccessing/navigating merchant web services 116 through (e.g., customercomputer system 120). In addition to detecting the presence of atracking cookie, card issuer web services 118 retrieves the uniqueonline user ID (non-PII) stored in each tracking cookie. Also, basedupon the particular tracking cookie implementations discussed above,card issuer web services 118 detects whether the customer 122 selectedto opt-in (or not opt-out) for merchant online tracking.

If card issuer web services 118 detects a tracking cookie and thetracking cookie indicates that the customer 122 selected to opt-in (ornot opt-out) of merchant tracking, then card issuer web services 118sends the browser on customer computer system 120 a tracking script. Thetracking script may be written in JAVA, JAVA script, ActiveX, etc. or inany other language/format suitable for being integrated with the onemore websites/web pages provided by merchant web services 116. Thetracking script is loaded by, and is executed in conjunction with, theone or more web pages provided by merchant web services 116. At customercomputer system 120, the tracking script tracks online data of customer122 while customer 122 browses the one or more web sites provided bymerchant web services 116. In turn, the tracking script communicates theonline data of customer 122 to card issuer web services 118.

Online data includes, for example, the products viewed, the productsselected for purchase, products abandoned prior to checkout, the amountof time spent viewing particular products, the particular searches andcategories viewed, metrics of interest for helping merchants or otherorganizations improve click-through and conversion rates on theirwebsites.

The tracked online data is stored in a tracking record created by cardissuer web services 118. Card issuer web services 118 retrieves theunique online user ID (non-PII) contained in the tracking cookie of thecustomer 122 and stores it in the tracking record. Thus, the trackingrecord contains the online data of customer 122 and the unique onlineuser ID (non-PII) of customer 122.

Card issuer web services 118 sends the tracking record to reportingservices 112. One or more tracking records are sent in real-time,on-demand, and/or at scheduled intervals, at scheduled times, at datacollection/aggregation thresholds, etc., as desired.

For each tracking record received, reporting services 112 translates theunique online user ID in the received tracking record to the hash number(non-PII) associated with that unique online user ID using the non-PIIkey-code stored in non-PII datastore 114. Reporting services 112associates each tracking record with the appropriate demographic andtransaction data stored in non-PII datastore 114 by matching the hashnumbers (non-PII) of each. The tracking record is stored in non-PIIdatastore 114 by reporting services 112. Accordingly, the trackingrecord of customer 122, and the demographic and transaction data of eachcustomer 122 are associated without using PII data.

Reporting services 112 generate reports and provides services based onthe tracking records, and associated demographic and transaction datastored in non-PII datastore 114. None of the reports generated cancontain PII data because reporting services 112 is not privy to PIIdata. FIG. 3, shows an example report 308.

FIG. 2 illustrates a privacy data receiving process 200, in accordancewith an embodiment of the present invention. Generally, process 200communicates demographic and transaction data from customer dataservices 104 to reporting services 112 after the data is processed byPII privacy services 108, in an example embodiment. As explained above,the customer data services 104 can be associated with one or moreorganizations.

In block 201, the customer data services 104 creates a card key-codeincluding PII data elements and non-PII data elements for a set ofcustomers. As desribed above, FIG. 2 includes an example card key-code207, where the PII data element is a card number of a customer and thenon-PII data element is a unique online user ID of the customer, such asthe unique online user ID described with regard to FIG. 1. Therespective PII and non-PII data elements of a particular customer areassociated in the card key-code.

The unique online user IDs for the customers are preferably not knownoutside the customer data services 104 and the PII privacy services 108.Hence, external to those services, mere possession of a unique onlineuser ID alone does not allow a particular customer to be identified.

At block 202, for each customer, the customer data services 104associates at least one PII data element of the card key-code withdemographic and transaction data. In turn, the customer data services104 send the card key-code and the now associated demographic andtransaction data to the PII privacy services 108, as shown at block 203.

At block 204, the PII privacy services 108 converts the received cardkey-code into a non-PII key-code. The non-PII key-code does not includeany PII data elements.

The conversion includes replacing the one or more PII data elements ofeach customer included in the card key-code with a hash number not knownto the customer data services 104, and associating each respectivenon-PII data element the card key-code previously associated to the oneor more respective PII data elements, with a respective hash number.Block 208 contains a non-PII key-code example, where the non-PII dataelement included from the card key-code is a unique online user ID.

At block 205, PII privacy services 108 associate the demographic andtransaction data received from the customer data services 104 with arespective hash number, in lieu of the previously associated respectivePII data element. The PII privacy services 108 send the non-PII key-codeand associated demographic and transaction data to the reporting server,as shown at block 206.

FIG. 3 illustrates an online data receiving and reporting process 300,in accordance with an embodiment of the present invention. Generally,process 300 communicates customer online data from a server to reportingservices 112. The online data is associated with demographic andtransaction data by the reporting services 112, and a report based onthe online, demographic, and transaction data is created.

In block 301, a server sends online data to reporting services 112. Theonline data includes data derived from customer visits to a merchant website and, for each customer, an associated a unique online user ID.Block 305 is an example of the online data collected by the server andassociated with the unique online user IDs of each customer.

At block 302, the reporting services 112 convert each unique online userID from the online data to a respective hash number using theassociations defined in a non-PII key-code, such as the non-PII key-codedescribed above with reference to FIG. 2. Block 305 includes an examplenon-PII Key-Code.

In turn, the reporting services 112 associate the online data for eachcustomer with respective demographic and transaction data for eachcustomer by matching the hash numbers associated with each, as shown atblock 303. Block 307 is an example of the demographic and transactionaldata. In block 304, reporting services analyzes the now associatedonline data, demographic data, and transaction data to generateaggregated reports. Block 308 includes a sample aggregate report.

The present invention (i.e., system 100, processes 200 and 300, or anypart(s) or function(s) thereof) may be implemented using hardware,software or a combination thereof and may be implemented in one or morecomputer systems or other processing systems. However, the manipulationsperformed by the present invention were often referred to in terms, suchas adding or comparing, which are commonly associated with mentaloperations performed by a human operator. No such capability of a humanoperator is necessary, or desirable in most cases, in any of theoperations described herein which form part of the present invention.Rather, the operations are machine operations. Useful machines forperforming the operation of the present invention include generalpurpose digital computers or similar devices.

In fact, in one embodiment, the invention is directed toward one or morecomputer systems capable of carrying out the functionality describedherein. An example of a computer system 400 is shown in FIG. 4.

The computer system 400 (which may take the form of a main framecomputer) includes one or more processors, such as processor 404. Theprocessor 404 is connected to a communication infrastructure 406 (e.g.,a communications bus, cross-over bar, or network). Various softwareembodiments are described in terms of this exemplary computer system.After reading this description, it will become apparent to a personskilled in the relevant art(s) how to implement the invention usingother computer systems and/or architectures.

Computer system 400 can include a display interface 402 that forwardsgraphics, text, and other data from the communication infrastructure 406(or from a frame buffer not shown) for display on the display unit 430.

Computer system 400 also includes a main memory 408, preferably randomaccess memory (RAM), and may also include a secondary memory 410. Thesecondary memory 410 may include, for example, a hard disk drive 412and/or a removable storage drive 414, representing a floppy disk drive,a magnetic tape drive, an optical disk drive, etc. The removable storagedrive 414 reads from and/or writes to a removable storage unit 418 in awell known manner. Removable storage unit 418 represents a floppy disk,magnetic tape, optical disk, etc. which is read by and written to byremovable storage drive 414. As will be appreciated, the removablestorage unit 418 includes a computer usable storage medium having storedtherein computer software and/or data.

In alternative embodiments, secondary memory 410 may include othersimilar devices for allowing computer programs or other instructions tobe loaded into computer system 400. Such devices may include, forexample, a removable storage unit 422 and an interface 420. Examples ofsuch may include a program cartridge and cartridge interface (such asthat found in video game devices), a removable memory chip (such as anerasable programmable read only memory (EPROM), or programmable readonly memory (PROM)) and associated socket, and other removable storageunits 422 and interfaces 420, which allow software and data to betransferred from the removable storage unit 422 to computer system 400.

Computer system 400 may also include a communications interface 424.Communications interface 424 allows software and data to be transferredbetween computer system N00 and external devices. Examples ofcommunications interface 424 may include a modem, a network interface(such as an Ethernet card), a communications port, a Personal ComputerMemory Card International Association (PCMCIA) slot and card, etc.Software and data transferred via communications interface 424 are inthe form of signals 428 which may be electronic, electromagnetic,optical or other signals capable of being received by communicationsinterface 424. These signals 428 are provided to communicationsinterface 424 via a communications path (e.g., channel) 426. Thischannel 426 carries signals 428 and may be implemented using wire orcable, fiber optics, a telephone line, a cellular link, a radiofrequency (RF) link and other communications channels.

In this document, the terms “computer program medium” and “computerusable medium” are used to generally refer to media such as removablestorage drive 414, a hard disk installed in hard disk drive 412, andsignals 428. These computer program products provide software tocomputer system 400. The invention is directed to such computer programproducts.

Computer programs (also referred to as computer control logic) arestored in main memory 408 and/or secondary memory 410. Computer programsmay also be received via communications interface 424. Such computerprograms, when executed, enable the computer system 400 to perform thefeatures of the present invention, as discussed herein. In particular,the computer programs, when executed, enable the processor 404 toperform the features of the present invention. Accordingly, suchcomputer programs represent controllers of the computer system 400.

In an embodiment where the invention is implemented using software, thesoftware may be stored in a computer program product and loaded intocomputer system 400 using removable storage drive 414, hard drive 412 orcommunications interface 424. The control logic (software), whenexecuted by the processor 404, causes the processor 404 to perform thefunctions of the invention as described herein.

In another embodiment, the invention is implemented primarily inhardware using, for example, hardware components such as applicationspecific integrated circuits (ASICs). Implementation of the hardwarestate machine so as to perform the functions described herein will beapparent to persons skilled in the relevant art(s).

In yet another embodiment, the invention is implemented using acombination of both hardware and software.

While various embodiments of the present invention have been describedabove, it should be understood that they have been presented by way ofexample, and not limitation. It will be apparent to persons skilled inthe relevant art(s) that various changes in form and detail can be madetherein without departing from the spirit and scope of the presentinvention. Thus, the present invention should not be limited by any ofthe above described exemplary embodiments, but should be defined only inaccordance with the following claims and their equivalents.

In addition, it should be understood that the figures and screen shotsillustrated in the attachments, which highlight the functionality andadvantages of the present invention, are presented for example purposesonly. The architecture of the present invention is sufficiently flexibleand configurable, such that it may be utilized (and navigated) in waysother than that shown in the accompanying figures.

Further, the purpose of the foregoing Abstract is to enable the U.S.Patent and Trademark Office and the public generally, and especially thescientists, engineers and practitioners in the art who are not familiarwith patent or legal terms or phraseology, to determine quickly from acursory inspection the nature and essence of the technical disclosure ofthe application. The Abstract is not intended to be limiting as to thescope of the present invention in any way. It is also to be understoodthat the steps and processes recited in the claims need not be performedin the order presented.

What is claimed is:
 1. A computer implemented method comprising:replacing, by a computer-based system, a card number with a first hashcode in the card key-code; and transmitting, by the computer-basedsystem, transaction data for a first user identification (ID), the firstuser ID and the first hash code to a first service that is remote fromthe computer based system, wherein the first service stores anassociation between the transaction data and online data of theconsumer, in response to the first hash code matching a second hashcode.
 2. The method of claim 1, wherein the online data identifies itemsselected for eventual purchase that have not yet been purchased.
 3. Themethod of claim 1, wherein the first service receives the online dataand the first user ID from different entities.
 4. The method of claim 1,wherein the online data includes browsing history of the consumer. 5.The method of claim 1, wherein the first hash code is not communicatedoutside the computer-based system and the first service.
 6. The methodof claim 1, further comprising generating, by the computer-based system,a card key-code.
 7. The method of claim 1, wherein the first servicedoes not have access to a transaction account code associated with theconsumer.
 8. The method of claim 1, wherein the computer-based systemdoes not have access to the online data.
 9. The method of claim 1,further comprising associating the first hash code with the first userID of the consumer.
 10. The method of claim 1, further comprisingassociating the first hash code with the first user ID of the consumerby inserting the first hash code in the card key-code.
 11. The method ofclaim 1, wherein the second hash code is retrieved by the first servicebased on a second user ID associated with the online data.
 12. Themethod of claim 1, further comprising generating, by the computer-basedsystem, the first hash code.
 13. The method of claim 1, wherein thefirst hash code is generated.
 14. The method of claim 1, wherein thefirst service further associates the online data with demographic data,in response to the first hash code matching the second hash code. 15.The method of claim 1, wherein the online data identifies an abandonedonline shopping cart of the consumer.
 16. The method of claim 1, whereina transaction account code associated with the consumer comprisespersonally identifiable information (PII) and the first user IDcomprises non-personally identifiable information (non-PII).
 17. Themethod of claim 16, wherein the first service generates a report basedon online data, wherein PII is not accessed by the first service duringthe generating.
 18. The method of claim 16, further comprisingenforcing, by the computer-based system, a security policy thatrestricts the first service from accessing PII.
 19. A system comprising:a processor, a tangible, non-transitory memory configured to communicatewith the processor, the tangible, non-transitory memory havinginstructions stored thereon that, in response to execution by theprocessor, cause the processor to perform operations comprising:replacing, by the processor, a card number with a first hash code in thecard key-code; and transmitting, by the processor, transaction data fora first user identification (ID), the first user ID and the first hashcode to a first service that is remote from the processor, wherein thefirst service stores an association between the transaction data andonline data of the consumer, in response to the first hash code matchinga second hash code.
 20. An article of manufacture including anon-transitory, tangible computer-readable storage medium havinginstructions stored thereon that, in response to execution by acomputer-based system, cause the computer-based system to performoperations comprising: replacing, by the computer-based system, a cardnumber with a first hash code in the card key-code; and transmitting, bythe computer-based system, transaction data for a first useridentification (ID), the first user ID and the first hash code to afirst service that is remote from the computer based system, wherein thefirst service stores an association between the transaction data andonline data of the consumer, in response to the first hash code matchinga second hash code.